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Amendments to the Drawings: 

The attached sheets of drawings include changes to FIGS. 1-3. These sheets replace the original 
sheets including FIGS. 1-3. 

Attachment: Replacement Sheet 
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REMARKS/ARGUMENTS 

This Amendment is in response to the Office Action mailed March 20, 2009. 
Claims 1-11 were pending in the present application. This Amendment amends claims 1-11 and 
adds new claims 12-16, leaving pending in the application claims 1-16. Applicants submit that 
no new matter has been introduced by virtue of these amendments. Reconsideration of the 
rejected claims is respectfully requested. 

Examiner Interview 

Applicants would like to thank Examiner Virginia Ho and Supervisory Examiner 
Gilberto Barron for the telephonic interview regarding this application conducted with 
Applicants' representative, Andrew Lee, on June 11, 2009. Claims 1 and 4 were discussed in 
light of Phillips et al. (U.S. Publication No. 2004/0210663, hereinafter "Phillips"). In particular, 
distinctions between the claims and the Phillips reference were discussed. 

With respect to claim 1, the Examiners indicated that the arguments presented 
were persuasive, but no particular agreement was reached. With respect to claim 4, the 
Examiners indicated that the arguments presented were persuasive and would likely serve to 
distinguish claim 4 from the Phillips reference. The following remarks reflect the substance of 
the discussion. 

Objection to the Drawings 

The drawings are objected to because "example IP addresses as described in the 
specification with reference to the drawings should be included in the Figures." (Office Action: 
Pg.2). 

Although Applicants disagree with the objection, solely in order to expedite 
prosecution the drawings have been amended to include the example IP addresses described in 
Specification. No new matter is added. 
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Objections to the Specification 

The Specification is objected to because of informalities. The Specification has 
been amended to address these informahties. No new matter is added. 



Objections to Claims 5, 6, and 11 

Claims 5, 6, and 1 1 are objected to because of informalities. Claims 5, 6, and 1 1 
have been amended to address these informalities. No new matter is added. 



35 U.S.C. S112 Rejection of Claims 4 and 5 

Claims 4 and 5 are rejected under 35 U.S.C. §1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
Applicants regard as the invention. In particular, the Office Action asserts: 

As per claims 4 and 5, the claims recite limitations regarding a "/over 2 suhnel." 
However, those of ordinary skill in the art recognize subnets as being conventionally associated 
with layer 3 rather than layer 2... For the purposes of examination, a "subnet" will be assumed to 
refer to the layer 3 subnet known conventionally in the art. 

As per claim 5, the claim recites the limitation of "defining a plane of the layer 2 device 
to be part of the virtual local area network, wherein the plane of the layer 2 device is assigned a 
source IP address". However, those of ordinary skill in the art would recognize a "plane" as a 
logical separation used to classify traffic of packets (control, data, and management). As such, it 
would not be possible to assign an IP address to such a "plane." However, the specification refers 
to an embodiment in which "switches in the layer 2 subnets would have a plane, or port, which is 
defined to be included in the MVLAN" (page 6, lines 9-11). For purposes of examination, a 
"plane" shall be regarded as a "port." 

Additionally, claim 5 refers to "the layer 2 device" and "the first layer 2 device" which 
lack antecedent basis. It is unclear whether "the layer 2 device" refers to the layer 2 switch or to 
the network device of claim 1. For the purposes of examination, the "layer 2 device" shall be 
regarded as the layer 2 switch. 

(Office Action, pgs. 4-6; emphasis in original). 

Although Applicants disagree with the rejections, solely in order to expedite 
prosecution Applicants have amended claims 4 and 5 to replace the phrase "layer 2 subnet" with 
"subnet." In addition. Applicants have amended claim 5 to replace "plane" with "port" and to 
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remove the references to "the layer 2 device" and the "the first layer 2 device." Accordingly, 
Applicants respectfiiUy submit that the Section 1 12 rejections of claim 4 and 5 are overcome. 



35 U.S.C. S102 Rejection of Claim 1 

Claim 1 is rejected under 35 U.S.C. § 102(e) as being anticipated by Phillips. 
Applicants respectfully traverse. 

Applicants' independent claim 1 (as amended) recites: 

A method comprising: 

identifying, by a network device, a first port of the network device as a 
management port, the fu'st port having a gateway address; 

identifying, by tlie network device, a second port of the network device as a non- 
management port; and 

fihering, by tlie network device, management data packets received on the 

second port. 

(Applicants' independent claim 1 , as amended). 

Applicants respectfully submit that the features of claim 1 are not anticipated by 
Phillips. For example, Phillips fails to disclose "identifying. . . a second port of the network 
device as a non-management port" and "filtering. . . management data packets received on the 
second port" as recited in claim 1 . 

The Office Action asserts that Phillips teaches the above features of claim 1 at 
paragraph 73. (Office Action: pg. 6). Applicants respectfully disagree. 

As explained at the Examiner interview, paragraph 73 of Phillips describes a 
"management virtual router" that uses a "configured Ethernet port for dedicated local or remote 
system management traffic where it isolates management traffic from data traffic on the system , 
keeping all other Ethernet ports available for data coimections to backend servers." (Phillips: 
para. 73; emphasis added). Thus, the management virtual router of Phillips is configured such 
that system management traffic is kept completely isolated from other data traffic. In other 
words, system management traffic is only received on one (dedicated) Ethemet port , and other 
data traffic is only received on other Ethernet ports . 



Page 13 of 17 



Appl. No. 10/668,455 PATENT 

Amdt. dated June 18, 2009 

Reply to Office Action of March 20, 2009 

In contrast, Applicants' claim 1 specifically recites that management data packets 
can be received on a non-management port (i.e., the recited second port), where the management 
data packets are processed at the non-management port by being filtered. Since Phillips teaches 
that system management traffic is only received on a dedicated management port (and thus 
cannot be received on other ports ), Phillips necessarily fails to disclose "identifying. . . a second 
port of the network device as a non-management port " and "filtering . . . management data packets 
received on the second port " as recited in claim 1 . (Emphasis added). 

Further, even assuming arguendo that Phillips can be construed as teaching the 
receipt of management data traffic on a non-management port, nowhere does Phillips specifically 
describe the fihering of such management data traffic . At the Examiner interview, Examiner Ho 
noted that paragraph 78 of Phillips makes reference to filtering data packets based on access 
control lists. However, paragraph 78 merely describes the general concept of data packet 
filtering, and docs not teach anything about the specific concept of filtering management data 
packets at a non-management port . Accordingly, Phillips fails to disclose " filtering . . . 
management data packets received on the second port " as recited in claim 1. (Emphasis added). 

For at least the foregoing reasons. Applicants respectfiilly submit that independent 
claim 1 is not anticipated or rendered obvious by Phillips, and respectfully request that the 
rejection of claim 1 be withdrawn. 

35 U.S.C. S103 Rejection of Claims 2 and 3 

Claims 2 and 3 are rejected under 35 U.S.C. §103 (a) as being unpatentable over 
Phillips. Applicants respectfiilly traverse. 

Claims 2 and 3 depend from independent claim 1, which is not anticipated or 
rendered obvious by Phillips as discussed above. Accordingly, claims 2 and 3 are allowable for 
at least a similar rationale as discussed for claim 1, and others. 
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35 U.S.C. S103 Rejection of Claims 4 and 5 

Claims 4 and 5 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Phillips in view of Haviland ("Designing High-Performance Campus Intranets with Multilayer 
Switching," 1998, hereinafter "Haviland"). Applicants respectfully traverse. 

Claims 4 and 5 depend from independent claim 1, which is not anticipated or 
rendered obvious by Phillips as discussed above. Accordingly, claims 4 and 5 are allowable for 
at least a similar rationale as discussed for claim 1 . 

In addition, claims 4 and 5 recite additional features that distinguish over the cited 
art. For example, claim 4 (as amended) recites, in part "defining a virtual local area network 
including the first [management] port." The Office Action asserts that this feature is shown in 
Phillips at Figure 4. (Office Action: pg. 8). However, as explained at the Examiner interview, 
Figure 4 of Phillips merely illustrates a virtual Ian A (34A) and a virtual Ian B (34N) connected 
with a default virtual router 40A and default virtual router 40N. Nowhere does Phillips state that 
either virtual Ian A or B includes a management port as recited in claim 1; in fact, the section of 
Phillips that the Office Action uses to show the recited first management port of claim 1 is in 
management virtual router 36 (which is completely separate fi'om virtual Ian A or B in Figure 4 
of Phillips). Accordingly, claim 4 is allowable for at least this additional reason. 

35 U.S.C. §103 Rejection of Claim 6 

Claim 6 is rejected under 35 U.S.C. § 103(a) as being unpatentable over Phillips in 
view of Haviland, and fiirther in view of Sylvest et al. (U.S. Publication No. 2003/0188003, 
hereinafter "Sylvesf ). Applicants respectfiiUy traverse. 

Claim 6 depends fi-om independent claim 1, which is not anticipated or rendered 
obvious by Phillips as discussed above. As best understood, Haviland and Sylvest do not 
provide any teaching that would remedy the deficiencies of Phillips in this regard. Accordingly, 
claim 6 is allowable for at least a similar rationale as discussed for claim 1, and others. 
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35 U.S.C. S103 Rejection of Claims 7-11 

Claims 7-1 1 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Phillips in view of Haviland, and further in view of Glenn ("A Summary of DoS/DDoS 
Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment," 2003, 
hereinafter "Glenn"). Applicants respectfiilly traverse. 

Independent claim 9 recites features that are substantially similar to independent 
claim 1 , which is not anticipated or rendered obvious by Phillips as discussed above. As best 
understood, Haviland and Glenn do not provide any teaching that would remedy the deficiencies 
of Phillips in this regard. Accordingly, claim 9 is allowable for at least a similar rationale as 
discussed for claim 1, and others. 

Dependent claims 7, 8, 10, and 1 1 depend from claims 1 and 9 respectively, and 
are thus allowable for at least a similar rationale as discussed for claims 1 and 9, and others. 

New Claims 12-16 

New claims 12-16 have been added to cover various embodiments of the present 
invention. Support for these claims may be found in the Specification at, for example, FIG. 3 
and pages 9-10. No new matter is added. 

Applicants respectfully submit that claims 12-16 are allowable over the cited art. 

For example, independent claim 12 recites, in part: 
a control component configiu-ed to: 

detemiine if a destination IP address included in a received data packet 
corresponds to a gateway IP addi^ess of tlie management port; 

if the destination IP address does not correspond to the gateway IP 
address of the management port, determine if the data packet originated &om a management 
virtual local area network (VLAN), wherein the management VLAN includes the management 
port; 

if the destination IP address did not originate from a management 
VLAN, determine if the data packet uses a management protocol; and 

if the data packet uses a management protocol, drop the packet. 
(Applicants' claim 12, in part). 
No disclosure pertaining to these specific features could be found in the cited art. 
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Claims 13-16 depend from independent claim 12, and are thus allowable for at 
least a similar rationale as discussed for claim 12, and others. 

Amendments to the Claims 

Unless otherwise specified, amendments to the claims are made for purposes of 
clarity, and are not intended to alter the scope of the claims or limit any equivalents thereof. The 
amendments are supported by the Specification as filed and do not add new matter. 



CONCLUSION 

In view of the foregoing. Applicants beUeve all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfiiUy requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 

Respectfully submitted, 

/Andrew J. Lee/ 

Andrew J. Lee 
Reg. No. 60,371 

TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 94111-3834 

Tel: 650-326-2400 

Fax: 415-576-0300 
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